The Hacker News

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications,"

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications," Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comServer Security / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services (IIS) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloadsRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Espionage / Server Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The origins of the hacking crew are presently unknown. In Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber War / Threat Intel37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,

Government and diplomatic entities in the Middle East and South Asia are the target of a new advanced persistent threat actor named GoldenJackal. Russian cybersecurity firm Kaspersky, which has been keeping tabs on the group's activities since mid-2020, characterized the adversary as both capable and stealthy. The targeting scope of the campaign is focused on Afghanistan, Azerbaijan, Iran, Iraq,Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Threat / APT37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks," SentinelOne researchers Aleksandar Milenkoski and Tom

The North Korean advanced persistent threat (APT) group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of reconnaissance campaigns to enable subsequent attacks," SentinelOne researchers Aleksandar Milenkoski and Tom Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCyber Threat / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity.  The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected

The most precious asset in today's information age is the secret safeguarded under lock and key. Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity.  The report shows a 67% year-over-year increase in the number of secrets found, with 10 million hard-coded secrets detected The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comApplication Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor. "WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said

An unknown threat actor has been observed leveraging a malicious Windows kernel driver in attacks likely targeting the Middle East since at least May 2020. Fortinet Fortiguard Labs, which dubbed the artifact WINTAPIX (WinTapix.sys), attributed the malware with low confidence to an Iranian threat actor. "WinTapix.sys is essentially a loader," security researchers Geri Revay and Hossein Jazi said Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comEndpoint Security/ Malware37.09024 -95.71289119.691712968468075 -130.869141 54.488767031531928 -60.556641

China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country's cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. "The purpose of this network security review of Micron's products is to

China has banned U.S. chip maker Micron from selling its products to Chinese companies working on key infrastructure projects, citing national security risks. The development comes nearly two months after the country's cybersecurity authority initiated a probe in late March 2023 to assess potential network security risks. "The purpose of this network security review of Micron's products is to Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comNational Security / Hardware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed

Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comData Protection / Privacy37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641

A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil (pronounced Goo-ee-vil). "The group displays a preference for Graphical

A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil (pronounced Goo-ee-vil). "The group displays a preference for Graphical Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.comCryptocurrency / Cloud Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641